Re: cdrecord local root exploit

[Marcus Meissner <meissner () suse de>]

On Tue, Sep 14, 2004 at 01:51:51PM +1200, Volker Kuhlmann wrote:
> > > echo "cdr-exp.sh -- CDRecord local exploit ( Tested on cdrecord-2.01-0.a27.2mdk + Mandrake10)"
>
> > I don't see how this is a bug in cdrecord. It's a bug in Mandrake, caused by
> > shipping cdrecord setuid root. You could do the same thing with CVS (set
> > CVS_RSH to /tmp/s) if your distribution was dumb enough to ship cvs setuid
> > root, I would think, yet that wouldn't be a bug in CVS.
>
> The author of cdrecord obstinately argues that cdrecord must be
> installed suid root, and is explicitly recommended. Especially SuSE,
> who does not install cdrecord suid root, has taken a lot of flak over
> this lately (investigate special SuSE copyright in versions 2.01a36 to
> 40 or so). It also seems that kernel 2.6.8 has changes included which
> make it impossible(?) not to run cdrecord suid root. Seems like a
> downhill to me but I'm not really qualified to comment.

This has been fixed later on at least.

> In any case it would be inappropriate to call it a bug "in cdrecord"
> when only testing the Mdk version, esp given the amount of patching
> applied by Mdk. First test a vanilla cdrecord, then other distros.

SUSE is btw not affected, since we have (as previously discussed), patched
cdrecord. ;)

Ciao, Marcus

Attachment: _bin
Description: